IBM is facing a class-action lawsuit in the wake of a significant data breach tied to the controversial MOVEit application. The plaintiff, Jennifer Wedeking, alleges that IBM’s negligence and its use of MOVEit led to the breach.
She claims IBM recklessly used MOVEit despite knowing its security vulnerabilities, resulting in the exposure of sensitive data, including names, Social Security numbers, and Medicare ID numbers. This breach has far-reaching implications, affecting not just Wedeking but also a nationwide class of individuals whose information was compromised.
As a result of the IBM data breach, Wedeking and other victims have had to invest substantial time monitoring their financial statements for signs of identity theft or fraud. The lawsuit argues that IBM, a tech giant with substantial resources and expertise, failed to implement necessary safeguards for protecting personal information and medical data. The offered remediation, a mere 24 months of identity theft protection, is seen as inadequate, considering the potential long-term consequences of the breach.
The IBM data breach occurred within the Colorado Department of Health Care Policy and Financing (HCPF), exposing personal data of over four million individuals. Questions have arisen about HCPF’s response, particularly the delay in notifying victims. The lawsuit also suggests a possible connection between the IBM data breach and the notorious Clop ransomware gang, known for trading stolen private information on the dark web.
Additionally, the maker of MOVEit Transfer, Progress Software Corp., faces multiple class-action lawsuits over its software’s vulnerability, further highlighting the widespread impact of MOVEit exploitation on organizations worldwide.